[Snort-users] Fallacies and lies.

Jason Haar Jason.Haar at ...294...
Wed Nov 5 15:11:07 EST 2003


I don't want to be seen to be standing up for Gartner - but one thing is
correct.

They say:

"They don't work at wire speeds. Most network-based IDS products don't detect
attacks in real time, and they can't handle the high speeds of internal
networks"

The last piece is correct - in a different context. If you want to start
pushing IDS "features" into your core INTERNAL network - then you really are
looking at IDS functionality within routers and switches - not extra boxes.

If you have 40 switches on your LAN - what would you prefer? 40 new IDS in
front of each, or switches that "do" IDS? What about the extra 70 Wireless
APs you have? You can't have them all sitting next to one IDS now can you...

Either switches add IDS functionality, or IDS needs to add switch
functionality ;-)


...or we all migrate to HIDS [that's where I think the future lies -
even IDS in switches can't handle IPSec]

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
